Using DNAMEs for RFC2317-like delegations

Chris Thompson cet1 at hermes.cam.ac.uk
Wed Jul 30 13:21:09 UTC 2008


On Jul 30 2008, Paul Vixie wrote:

>Chris Thompson <cet1 at hermes.cam.ac.uk> writes:
>
>> That's the conventional advice, of course, but does lead to a proliferation
>> of reverse zones. It seems to me that if one believes that DNAMEs really do
>> work (by virtue of the synthesized CNAMEs), then one ought to be able to use
>> them in an RFC2317-like way in cases like this:
>
>DNAMEs really do work.
>
>> $ORIGIN b.a.in-addr.arpa.
>> @       SOA ...
>>         NS  ...
>> 0-127   NS  (delegation for the /17)
>> 128-191 NS  (delegation for the first /18)
>> 192-255 NS  (delegation for the second /18)
[...]
>$GENERATE 0-127 $ DNAME $.0-127
>$GENERATE 128-191 $ DNAME $.128-191
>$GENERATE 192-255 $ DNAME $.192-255
[...]
>> and then the delegatees have only three zones
>>
>>   0-127.b.a.in-addr.arpa.
>>   128-191.b.a.in-addr.arpa.
>>   192-255.b.a.in-addr.arpa.
>>
>> to look after, each of which they populate as if they were (incomplete) 
>> reverse zones for b.a.in-addr.arpa.
>
>yes.
>
>> This is only a thought experiment: has anyone actually tried to do
>> something like this?
>
>yes.

Example(s) in the public DNS? So that I can point at it/them, and say 
"look, it doesn't cause any problems for John Doe's networks: why don't 
we start doing it like that?" ?

-- 
Chris Thompson
Email: cet1 at cam.ac.uk



More information about the bind-users mailing list